Google or other search engines with text from the e-mail may provide results on others who've been infected, and possibly steps to properly remove the bot from systems.
Identifying what a botnet is doing may also show that more files than just the botnet are being stored on infected machines. As we've mentioned, some botnets act as distribution servers, and may be used to store illegal copies of software, music files, movies, or other copyrighted material. In some cases, more disturbing files may be distributed by the botnet, such as child pornography or malicious software that's used to infect other computers. You'll want to remove such material from your network, but it is important that the data remains preserved if there is a criminal investigation. In such cases, it is often best to remove the hard disk from the computer, and replace it with one that has a clean installation of the operating system and software. The infected hard disk can then be given to law enforcement, and reformatted when it's of no further use to them.
In the U.S., all cases of child pornography must be reported to the FBI. Mere possession of child pornography is a federal crime, so the original hard drive and any copies or images you make must be turned over to the FBI. In this case you must not retain a copy of the evidence for your files.
TIP
Anything gathered could be used as evidence in an investigation, so it is important that you don't dismiss information on the botnets as irrelevant. Having log files that show hundreds or thousands of messages were sent from computers, copies of the spam that was sent, and precise documentation on how this evidence was acquired can all be useful in subsequent criminal or civil proceedings. Once it is apparent that your network has been attacked or compromised, it is important that you keep records of what actions were taken and when they occurred. You never know where the information you gather will take you, so it is important to document the process of what occurred.
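
One way to keep the record the tip above describes, as an added example that is not from the original text: each action is logged with operator, UTC time and a SHA-256 of any collected file, and each record includes the hash of the previous one so later edits are detectable. The hash chaining, the operator and host names (`analyst1`, `ws-14`) and the sample files are assumptions constructed for illustration.

```python
import hashlib, json
from datetime import datetime, timezone
GENESIS = "0" * 64  # prev_hash value used by the first record

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest(record: dict) -> str:
    # Hash every field except the stored hash itself, in a stable key order.
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log, operator, action, artifact=None, data=None, when=None):
    """Record who did what and when, plus a hash of any evidence collected."""
    entry = {
        "seq": len(log) + 1,
        "utc": (when or datetime.now(timezone.utc)).isoformat(),
        "operator": operator,
        "action": action,
        "artifact": artifact,
        "artifact_sha256": sha256_hex(data) if data is not None else None,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)

def verify(log, artifacts=None):
    """Return a list of problems: edited records, broken chain, changed evidence."""
    problems, prev = [], GENESIS
    for e in log:
        if e["prev_hash"] != prev:
            problems.append(f"entry {e['seq']}: chain broken")
        if _digest(e) != e["entry_hash"]:
            problems.append(f"entry {e['seq']}: record altered")
        held = (artifacts or {}).get(e["artifact"])
        if held is not None and sha256_hex(held) != e["artifact_sha256"]:
            problems.append(f"entry {e['seq']}: {e['artifact']} changed since collection")
        prev = e["entry_hash"]
    return problems

# Constructed sample evidence: a mail-log excerpt and one copy of the spam.
SAMPLE = {"mail.log": b"Jan 10 03:12:01 ws-14 smtp: 412 messages queued\n",
          "spam-copy-001.eml": b"Subject: constructed sample\r\n\r\nbody\r\n"}

def build_sample_log():
    log = []
    add_entry(log, "analyst1", "Disconnected ws-14 from the network")
    for name, data in SAMPLE.items():
        add_entry(log, "analyst1", f"Copied {name} from ws-14", name, data)
    return log
```

Running `verify` against the files you still hold shows whether either the records or the evidence copies have changed since collection.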
It is also important to identify the scope or extent of an attack on your network, and what information (if any) has been accessed. Because botnets could be used to access data on a computer or pose as the user currently logged on to the network, it is possible the bot has been used to access client information, credit card numbers, or other information stored on the computer or a network server.